Only 0.1% of you are doing web server security right

Venerable net-scan outfit Netcraft has issued what cliché would describe as “a stinging rebuke” to sysadmins the world over, for ignoring HTTP Public Key Pinning (HPKP). Pinning is designed to defend users against impersonation attacks, in which an attacker tricks a certificate authority to issue a fraudulent certificate for a …

  1. John Robson Silver badge

    Store the keys on the web server...

    and a copy on Dropbox, and you'll be fine....

    Does this refer to losing the keys as in "I lost my house keys and now I can't get in", or "I lost my keys, and now Eve can impersonate me".

    The first of those is pretty easy to defend against...

    1. Anonymous Coward

      Re: Store the keys on the web server...

      On Dropbox? Really?

      1. batfastad
        Joke

        Re: Store the keys on the web server...

        I'm not sure Dropbox even give away enough space to store a private key, do they?

      2. John Robson Silver badge

        Re: Store the keys on the web server...

        "On Dropbox? Really?"

        I really didn't expect that the joke icon, or the </sarcasm> tag, would be necessary. I overestimated the humour detection of commentards...

        The point being that we can fairly easily defend a small piece of information against data loss.

  2. This post has been deleted by its author

    1. Anonymous Coward

      Re: Only 0.1% of you...

      regmedia.co.uk is https though.

  3. Anonymous Coward

    Robust!

    “Pixabay has evidently decided that robust prevention of impersonation attacks is worth the risk.”

    It's more likely that this is evidence of yet another poor implementation. I can hear the question now, "If most website SSL certs are good for a year, then why didn't the people who developed this HPKP thing pick a more convenient TTL format than seconds?"

  4. Anonymous Coward

    Backup public key

    It was my understanding that you have to generate a backup public key for exactly this reason, no?

    1. Preston Munchensonton

      Re: Backup public key

      Exactly. IMO, the lack of uptake can be traced directly to the requirement to have at least two certs pinned. Otherwise, the configuration is invalid and ignored by browsers.

    2. George Costanza

      Re: Backup public key

      Yes, and Pixabay do just that.

      Public-Key-Pins: pin-sha256="Kx1dtEVeqnPn0gfhzqIJfChEYFr5zMe+FjvcJ0AhVgE="; pin-sha256="zN9pxsvWtHm05/fKZ6zA1NJOq4j2NJJA3oIecCNc1eU="; max-age=31536000;

  5. John Smith 19 Gold badge
    Unhappy

    I'm guessing there's a lot to setting up a full web server *properly*

    And this is one of those bits that somehow aren't quite important enough to set up in the first phase, and forgotten about (by many) in the second phase.

    Sounds like something that should be on by default.

  6. Anonymous Coward

    Never heard of it. What's recommended best practice? What are the impacts? Why isn't it a default? Looks like almost nobody knows about it (though I'm sure every response here will of course be in the 0.1% except me).

    1. Anonymous Coward

      May be just you

      https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

      but even this basic info agrees with the backup cert requirement, and that it's not necessarily a good idea to pin a root level cert...

      Overall it needs a bit more planning than just the deployment of your web server configuration though.

  7. BinkyTheMagicPaperclip Silver badge

    It's not exactly ideal

    Unsupported by IE, might lock your customers out for an extended period. Yep, I can see that being terribly popular from a business angle. Useful for a banking site, but for everything else?

    1. Tom -1

      Re: It's not exactly ideal

      It's a pity IE doesn't support it - and suggests that MS don't care for their customers' security. I wonder if Edge supports it?

  8. BazzaDP

    Risk versus Reward

    HPKP mitigates a very specific scenario: someone persuades a CA to issue a certificate for your website to them, AND they successfully implement a DNS poisoning attack to redirect traffic to their fake version of your site, AND the user has visited your site so has the HPKP policy cached. In that case HPKP will prevent a user visiting the fake site over HTTPS.

    I don't think that's a common scenario except for some very high profile targets.

    Additionally HPKP is deliberately not used for locally installed certs (or they would break local proxies and anti-virus scanners that create dummy certs automatically). A massive hole in this feature. To me a bad locally installed cert (e.g. Superfish) is much more likely than above scenario and this does nothing to protect against that.

    The risk of DoSing your own site is HUGE. Just changing a cert will break your site unless you remember to update your HPKP policy in advance by the Time to Live amount. Yes, you can pin the key (and get a new cert for the same key - itself a bad practice), or use backup keys/certs, or pin either an intermediate cert or root cert, but that requires a lot of thought. And a lot of assumptions about which path will be used to go from your leaf cert to a trusted root cert. That's not to mention added complexity when the next SHA-2 style upgrade comes along, or you want to change cert provider and your path changes.

    Personally I wouldn't recommend it. I just don't see the reward compared to the low risk it mitigates and high risk it introduces.

    1. Michael Wojcik Silver badge

      Re: Risk versus Reward

      Exactly. HPKP is only a good decision under a very particular class of threat models. Whoever wrote this Netcraft report is yet another security researcher who's much better on technical details than on theory. And the theory is critical.
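The Pixabay header quoted in comment 4 and the rotation and backup-pin discussion in comment 8 both come down to how a browser computes a pin and decides whether to cache the policy at all. The following is an added example, not code from the thread, from Pixabay or from any browser; it derives a pin-sha256 from SubjectPublicKeyInfo bytes, parses the header value shown above, and applies the RFC 7469 acceptance rules (a max-age is required, at least one pin must match the served chain, and at least one pin must be a backup that is not in the chain, otherwise the header is ignored). The SPKI byte strings are constructed placeholders, not real keys.

```python
import base64
import hashlib

# Constructed sample SPKI DER blobs (placeholders, not real keys): a pin is a hash
# of the raw SubjectPublicKeyInfo bytes, so any bytes demonstrate the mechanics.
LEAF_SPKI = b"constructed-spki-der-of-the-served-leaf-certificate"
BACKUP_SPKI = b"constructed-spki-der-of-an-offline-backup-key"
# Header value quoted in the thread above (Pixabay); used here only for parsing.
PIXABAY_HEADER = ('pin-sha256="Kx1dtEVeqnPn0gfhzqIJfChEYFr5zMe+FjvcJ0AhVgE="; '
                  'pin-sha256="zN9pxsvWtHm05/fKZ6zA1NJOq4j2NJJA3oIecCNc1eU="; '
                  'max-age=31536000;')

def spki_pin(spki_der: bytes) -> str:
    """Pin as RFC 7469 defines it: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def build_header(spkis: list, max_age: int) -> str:
    """Emit a Public-Key-Pins header value pinning the given SPKIs."""
    pins = "; ".join(f'pin-sha256="{spki_pin(s)}"' for s in spkis)
    return f"{pins}; max-age={max_age}"

def parse_pkp(header: str) -> dict:
    """Split a Public-Key-Pins value into pins, max-age and the includeSubDomains flag."""
    pins, max_age, sub = [], None, False
    for directive in (d.strip() for d in header.split(";") if d.strip()):
        name, _, value = directive.partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.append(value)
        elif name == "max-age":
            max_age = int(value)
        elif name == "includesubdomains":
            sub = True
    return {"pins": pins, "max_age": max_age, "include_subdomains": sub}

def validate_pkp(header: str, chain_spki: list) -> tuple:
    """Apply the RFC 7469 checks a browser makes before it caches a policy."""
    p = parse_pkp(header)
    if p["max_age"] is None:
        return False, "max-age missing: header ignored"
    chain_pins = {spki_pin(s) for s in chain_spki}
    matched = [x for x in p["pins"] if x in chain_pins]
    backups = [x for x in p["pins"] if x not in chain_pins]
    if not matched:
        return False, "no pin matches the served chain: header ignored"
    if not backups:
        return False, "no backup pin outside the chain: header ignored"
    days = p["max_age"] // 86400
    return True, f"cached for {p['max_age']} s ({days} days), {len(backups)} backup pin(s)"

if __name__ == "__main__":
    print(validate_pkp(build_header([LEAF_SPKI, BACKUP_SPKI], 2592000), [LEAF_SPKI]))
    print(validate_pkp(build_header([LEAF_SPKI], 2592000), [LEAF_SPKI]))  # rejected
    print(parse_pkp(PIXABAY_HEADER)["max_age"] // 86400, "days")  # prints 365 days
```

The second call shows why a single-pin deployment silently does nothing, while the max-age conversion makes the seconds-based TTL that comment 3 complains about readable at a glance.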

  9. GieltjE

    Because we have a more convenient protocol (TLSA) that works over a different protocol (DNS+DNSSEC) which can be updated in just 15 minutes and also works for all other protocols.

    1. yaronf

      We have DANE? No more than "we have" HPKP

      I don't have the numbers, but I would bet you a beer that DANE+TLSA servers are even fewer than those deploying HPKP. Both are good ideas in principle, both are very hard to implement right.
